Information Security
xss vulnerability html
Updated Wed, 21 Sep 2022 21:23:15 GMT

Risk of injecting a malicious script/code?


I was inspecting elements in a website and I randomly stumbled onto this piece of code.

</style><meta name="add-styles-here"/><meta name="add-scripts-here"/></head><body><kbn-csp data="{&quot;strictCsp&quot;:false}">

Question: is there a chance to inject malicious code inside the data field?




Solution

No, that's the current state of the CSP configuration of Kibana, and this value comes from the configuration, not the client side. You can check the source code here and the CSP configuration here.
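
A sketch of the pattern the answer describes, added here as an example; it is not part of the original answer and is not Kibana's code. It assumes the attribute is built from a server-side setting and HTML-escaped before being written into the page; `serverConfig`, `escapeAttr`, `renderCspTag` and `readCspTag` are hypothetical names.

```javascript
// Added illustration; not Kibana source. All names here are hypothetical.

// Server-side setting, read from a config file at startup (constructed sample).
const serverConfig = { csp: { strict: false } };

// Escape the characters that matter inside a double-quoted HTML attribute.
function escapeAttr(text) {
  return text.replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Build the tag from server config only. The request is accepted but never
// read, so nothing a visitor sends can reach the attribute value.
function renderCspTag(config, _request) {
  const payload = JSON.stringify({ strictCsp: Boolean(config.csp.strict) });
  return `<kbn-csp data="${escapeAttr(payload)}">`;
}

// What the client does: entity-decode the attribute, then JSON.parse it.
function readCspTag(tag) {
  const raw = /data="([^"]*)"/.exec(tag)[1];
  const decoded = raw
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
  return JSON.parse(decoded);
}

// Constructed request carrying markup in a query parameter.
const sampleRequest = { query: { strictCsp: '"><marker>' } };

const tag = renderCspTag(serverConfig, sampleRequest);
console.log(tag);             // same shape as the snippet in the question
console.log(readCspTag(tag)); // the parsed setting
```

The `&quot;` sequences in the question's snippet are the escaped quotes of the JSON, which is why the attribute cannot be closed early by its own content.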